European Commission, experts uneasy over WP29 data portability interpretation

European Commission

The European Commission has written to EU Privacy regulators to express concern over their interpretation of the data portability clause in the General Data Protection Regulation. 

Specifically, the Commission appears to be worried that the regulators have interpreted too broad a scope for the GDPR's Article 20. The Article 29 Working Party (WP29), the group that represents EU Privacy regulators, issued guidelines earlier this month in which it said "the right to data portability covers data provided knowingly and actively by the data subject as well as the personal data generated by his or her activity."

The guidelines went on to specify that this could include "observed data provided by the data subject by virtue of the use of the service or the device," such as the subject's search history, traffic data and location data – and even "raw data such as the heartbeat tracked by a wearable device."

The WP29's guidelines are supposed to harmonize the approaches of regulators across the bloc as they handle complaints about the GDPR's application, once it goes into effect in May 2018.

"We value the work of [WP29] on [the guidelines], but also have certain concerns that the guidelines might go beyond what was agreed by the co-legislators in the legislative process," a commission spokesperson told The Privacy Advisor. "The scope shouldn't go beyond what was agreed in the trilogues."

The spokesperson would not be drawn on the commission's specific concerns. However, the issue of "observed data" was one of the most controversial aspects of the draft guidelines that the WP29 issued in December, and it was still there in the revised version that came out on 5 April.

Article 20 itself states that "the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided."

The accompanying Recital 68 explains: "That right should apply where the data subject provided the personal data on the basis of his or her consent or the processing is necessary for the performance of a contract.

Share it:
Share it:

[Social9_Share class=”s9-widget-wrapper”]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You Might Be Interested In

Luggage Tag Code Unlocks Your Flights, Identity to Hackers

3 Jan, 2017

Booking a flight has become a simple process thanks to the Internet, and once you have flights secured you can …

Read more

How industry can protect privacy in the age of connected toys

7 Dec, 2016

As we enter the season of holiday shopping, many of the most popular children’s toys on the market are designed …

Read more

Tech-Savvy Innovative Hotels Are More Vulnerable to Data Breaches

6 May, 2017

The race to become the most innovated and tech-savvy hotel is on. Hotels have increasingly begun working with technology companies …

Read more

Do You Want to Share Your Story?

Bring your insights on Data, Visualization, Innovation or Business Agility to our community. Let them learn from your experience.

Get the 3 STEPS

To Drive Analytics Adoption
And manage change

3-steps-to-drive-analytics-adoption

Get Access to Event Discounts

Switch your 7wData account from Subscriber to Event Discount Member by clicking the button below and get access to event discounts. Learn & Grow together with us in a more profitable way!

Get Access to Event Discounts

Create a 7wData account and get access to event discounts. Learn & Grow together with us in a more profitable way!

Don't miss Out!

Stay in touch and receive in depth articles, guides, news & commentary of all things data.